I recently installed new firefox version on my ubuntu and was trying to find some text on a webpage. Suddenly, as I pressed next to search it, the searchbox turns red showing Phrase not found and started making beep noise. I was annoyed, So was thinking of way to disable / turn it off. To look for some preference to set, I typed about:config (special firefox about: pages) in location bar and searched for sound. I was lucky i found two related preferences.

So you can set accessibility.typeaheadfind.enablesound Value to false by double clicking it. And you are done. No more beep beep to annoy you.

This is specially very useful when you want to see contents (.js, .css, .html files) included in firefox extension’s jar file. After it list the contents, you can easily browse through the directory, sorting files etc.

Update: Security problems that come with jar: protocol
While serching for pages related to jar protocol in firefox, I found an interesting article at www.gnucitizen.org

In simple terms, it means that any application which allows upload of JAR/ZIP files is potentially vulnerable to a persistent Cross-site Scripting. Potential targets for this attack include applications such as web mail clients, collaboration systems, document sharing systems, almost everything that smells like Web2.0, etc, etc, etc.

Similar security concerns also arise in data: protocol in firefox. So one need to be careful to filter files you want to allow for upload. Actually, once I had similar situation with a website which allowed you to host image files, but the problem was they were not checking for file types. Thats means you are allowed to upload a php file too. So now you can do anything you want with that server (don’t ask me what I did ). So beware of such issues.

What actually happened: Cross Site Scripting, when we want user to input some data (which may be html/javascript) and displays it back. So if html/script tags are not properly checked it can cause trouble. Earlier I hadn’t checked for javascript, iframe inputs. So somebody just inserted an iframe as message input in my shout box. And the source of iframe contained redirection to another website. So when shouts were displayed on the page the iframe code was displayed as it is and page got redirected to other page.

Luckily I checked the page just after the day this happened, So that way i actually got chance to update this orphaned code and made some fixes.

Solution : Idea is to filter meta characters such as (< , >, ‘ , ” etc) Which will prevent browser from processing them as part of some script, they will be processed as plain text only.
So while doing in php you can do:

$shout=str_replace("<","<",$_GET["shout"]);

And to be on safer side we should also replace following characters:
replace ( with (
replace ) with )
replace & with &
replace ' with '
replace " with "

Or If you are not expecting user to input these characters then you can simply replace these with null string;

The replacements which I have mentioned above can be easily done using htmlspecialchars but if you want to extend it to all html tags then you can use htmlentities. And to strip both html and php tags from string you can use strip_tags. The disadvantage with strip_tags is that it doesn’t validate html so can cause trouble in case of broken html tags. It also provide you option to exclude list of tags from being stripped.

So now you can enjoy Shout Box until some new bug is found or its hacked again [;)]

More and more companies restrict your access to certain websites. Usually it’s for a good reason, however if you’re pretty tech savvy and not worried about having the website “steamysingles.com” in the log file associated with your system, then this little tip site is for you. These methods includes :

Create the rar file:rar a secret.rar <your secret file>cat img.jpg secret.rar > newimg.jpgNow this newimage looks identical to img.jpg, but it has secret.rar contained in it
Pull the file back out with this command: unrar x newimg.jpg

BlackBox is an application that makes use of steganography. You have the ability to hide messages within Bitmap (BMP) files with no changes to the image or even the any of its properties, such as its file size. Useful for people who would like to send anonymous messages.

Typing DOS commands on the Windows Command Line prompt is a most efficient and faster way of doing things in Windows XP. Here’s a run-down of the most useful DOS commands available in Windows XP. Some of these DOS commands even do not have an visual alternative. Digital Inspiration has a nice roundup of 10 very useful commands and tricks that can help you get things done quickly from the command line.Useful Windows XP DOS Commands & Tricks [Digital Inspiration]